Where to store JWT - ace-han/vue-drf-jwt GitHub Wiki

As per
https://dev.to/rdegges/please-stop-using-local-storage-1i04 https://stackoverflow.com/questions/34817617/should-jwt-be-stored-in-localstorage-or-cookie

We should stop store JWT in localStorage. Instead, we should store JWT in Cookie

• Single Page Application (SPA)
  Cookie

1. login set access_token and refresh_token in cookies
2. go to next=url if any
3. before ajax, get CSRF token from js-cookie and set it in as config.headers['X-CSRFToken'] = $csrfToken according to csrf.py in django/middleware/csrf.CsrfViewMiddleware#process_view
4. for every ajax with response status code 4xx, do_refresh_token and queue-up deferred ajax calls
5. if do_refresh_token get a new access_token then do the queue-up deferred ajax calls
6. else redirect to login

• Mobile
  Android: SharedPreferences
  iOS: KeyChain or UserDefault
• Weapp and likewise app
  localStorage
  (Yes, localStorage. But we can do it with weapp-cookie to keep aligned with the operations in SPA)